The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

You need to make sure the id is not doing anything naughty! I'm not sure if this would work, or if this is the correct code p), but a user could change id to something like this and try and drop the database (if they knew the name):

1;DROP DATABASE name_of_your_db

One thing you should do is make sure the data is the correct type, id is probably an integer, so make sure:

PHP Code:

$id = (int) $_GET['id'];

If id is anything other than an integer it will be given the value 0 and can't do any harm